The Safe Harbor agreement on which many businesses rely for the transatlantic transfer of personal data is invalid, the Court of Justice of the European Union has ruled.

EU law requires that companies exporting citizens' personal data do so only to countries providing a similar level of legal protection for that data. In the case of the U.S., the exchange of personal data is covered by the Safe Harbor Privacy Principles, which the European Commission ruled in July 2000 provide adequate protection. Businesses relying on the Safe Harbor agreement to transfer personal data from the EU to the U.S. could now be operating illegally.

While the decision will affect companies like Facebook and Google, it is bad news for small and medium-size companies transferring data from the EU to the U.S., said Mike Weston, CEO of data science consultancy Profusion.

"American companies are going to have to restructure how they manage, store and use data in Europe and this will take a lot of time and money," he said.

The CJEU provided a summary of the ruling, the full text of which will be published later.

The court was asked to rule on a matter of law in a case relating to Facebook's transfer of EU citizens' personal data to the U.S.

The question it was asked was: Is a national data protection authority bound by the European Commission's decision of July 26, 2000, that the Safe Harbor agreement provides adequate privacy protection to personal data exported to the U.S., or may it investigate complaints about the level of protection provided in the light of events since that decision?

The High Court of Ireland referred the question to the CJEU in June 2014, in a convoluted case filed by Austrian citizen Maximilian Schrems in October 2013.

In June of that year, Schrems filed a complaint with the Irish Data Protection Commissioner (DPC) disputing the level of privacy protection given to personal data about him held in the U.S. by Facebook. He made the complaint in Ireland because Facebook's European headquarters is there, putting its interactions with citizens of any EU country under Irish data protection law.

The DPC summarily rejected the complaint the following month, pointing to the Commission's 2000 decision that the Safe Harbor principles followed by Facebook were adequate. Schrems asked the high court for a judicial review of the DPC's decision, prompting the court to refer the question about Safe Harbor to the CJEU.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.